As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.

A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.

In August 2011, Apple warned software makers that the company would be killing off UDID access with iOS 5, suggesting that developers begin work on app-specific tracking mechanisms. Removing the feature effectively ends OS-wide user tracking and forces developers to create their own proprietary opt-in identification systems.

The move seems to be in response to mounting concern over privacy issues from Congress and the public. Earlier this week, two U.S. congressmen sent letters to Apple and 33 developers asking questions regarding information collection practices.

According to Andy Yang, CEO of app marketing and monetization platform PlayHaven, a number of developers have seen their apps denied over the past week during Apple's review cycle. Apple reportedly has two review teams actively rejecting UDID-accessing apps with all ten teams expected to follow suit in the coming weeks.

“This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”

Example of an iPad UDID as found in iTunes. | Source: Apple

Ad companies using UDID data to target specific audiences have yet to decide on a comparable alternative, though some are experimenting with MAC addresses and OpenUDID.

“Everyone’s scrambling to get something into place,” said Victor Rubba, CEO of Canadian development company Fluik, “We’re trying to be proactive and we’ve already moved to an alternative scheme.”

Media scrutiny of information gathering systems in iDevices began in April 2011, when it was learned that Apple's previous generation iOS 4 regularly logged location data from iPhones and iPads. The issue came to a head in February when it was revealed that the Path social networking app was uploading users' address book data to its servers without first asking permission. As a result, Apple promised to update its mobile OS to require user permission for apps to access certain data sets.

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

Some game developers use the UDID as an identifier if you want to go for the high score, without registering. Some developers are happy to do it as it means they don't have to develop anything more complicated that a rudimentary database using the UDID. Some people may not want to register but happy to post up a high score (yeah, I know).

Of course, replace your phone for any reason and you have to start again.

This is a great, move thank you Apple. Although it's very simple to deactivate apps from accessing the UDID in Android I would also like Google and Microsoft to do the same thing. It's good security practice.

When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.

As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Good start. There is currently a lot of media hysteria about ad tracking companies. Apple can take the moral high ground by enforcing stringent rules which protect users' anonymity. They can be known as the "safe" device maker if they play their cards right.

They have at least two opportunities for good PR at present:

They could be the leader in humane working conditions among CE manufacturers; and
They could be the leader in protecting users' privacy.

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

On their own neither is associated to a person, but once you have logged in for a service they can associate the two. Then with other applications that don't require login they can make a certain correlation. They can even start linking account relationships based on this ID.

Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.

I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.

Exactly. Not 'pissing off' users and congressmen is probably higher on their list of priorities. If the developer is actining as a low life, then I am sure we can afford to lose them?

What's low life about it. A standard dev would use the device ID to tell where users hit in the app, and generally this information is separate from the login info. It can also - at it's most primitive - tell how many users are using the app on any one day, and tell legit users from non-legit. That is: you have 100k downloads and 150k users. There is no privacy at all associated with the UDID. It tells nothing private on its own, and Apple get that data in other ways anyway - as do google where you are continually logged in - so the cost is to devs not using iAds etc. apple is taking this info all the time for their own purposes.

Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.

I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.

Nobody can track where you are without asking. That's separate from a UDID, it's a location request.

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

Honestly I think the people involved in the advertising world are just full of themselves. I do not respond to advertising at all. Even the crap that gets mailed to me every other day goes into the trash can before I even re-enter the house. There is little value in buying consumer goods on somebody else's schedule. Especially electronics where the deals always get better in a few weeks down the road.

If anything this seems to be the type of thing desperate people do. I have to wonder if there are any controlled studies on the value of consumer tracking in the modern world. By the way studies by independent scientist, not the jerks running these companies.

Theses include things like personal interest in a subject. The desire to get an app out there without the complexity of running a business. If your business is hardware the App Store is the way to distribute the software. In fact I'd have to say there are a great deal of free apps on the App Store that have nothing to do with advertising.

Quote:

Originally Posted by aBeliefSystem

The deal with free apps is advertising.

This simply means developers will find it harder to make money and it is likely Apple are using this opportunity to gain more monetary control.

That is baloney! I'm pretty sure Apple wouldn't have even bothered if it wasn't for bad developer behavior and the very public inspection of the privacy issues involved.

Honestly I think the people involved in the advertising world are just full of themselves. I do not respond to advertising at all. Even the crap that gets mailed to me every other day goes into the trash can before I even re-enter the house. There is little value in buying consumer goods on somebody else's schedule. Especially electronics where the deals always get better in a few weeks down the road.

If anything this seems to be the type of thing desperate people do. I have to wonder if there are any controlled studies on the value of consumer tracking in the modern world. By the way studies by independent scientist, not the jerks running these companies.

I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.

"I'm way over my head when it comes to technical issues like this"Gatorguy 5/31/13

Where as in what type of device? The app can know that based on the function calls that fire when the app is opened. You don't need to be looking up my UDID for that.

.

No , where in the app. Without someway to differentiate the hits you can't tell much. 10,000 calls to a Webservice? How many per device? If 90% of the calls are from 10% of devices that tells you something ( what it tells is app dependent ).

The solution, offhand, is to generate a GUID per user and store in iCloud so it isn't lost in reinstalls, or use a guid in a local db, which would be destroyed in a reinstall. The latter isn't perfect but it gives pretty much the same info as a UDID, the difference is that that GUID us lost per reinstall while a UDID is lost with a new device. Neither is really user tracking, the fact that the solution is easy shows that Apple is playing to the congressional pea gallery.

There are far greater concerns with mobile devices that this, and as we have already seen both apple and the carriers track location when triangulating using Udids, the carriers continue to do this even if Apple has "stopped". All Apple is doing here, since it is continuing to track is use privacy concerns to curtail ads competition.

Yes but you are an idiot who barely understand what you are posting about, and always supports Apple - who are probably using the UDID all the time in iOS for their own purposes. They certainly do it in the profiles.

The problem isn't what Apple does with the UDID, the problem is what the ad companies can do with it in conjunction with sales and marketing companies.

Quote:

They also allow access to your contacts list without a confirmation, a far greater security risk.

Yes which lead to some of the abuse that started this whole movement towards tighter security in iOS. The reason, the only reason as far as I can see, for the tightening of security is the abuse of current laxity in security by developers. In effect Apple has had to tighten things up due to some very nasty habits of app developers.

Dropping the land line helped a lot there. Back in the day though if one of this idiots called I would just leave the phone off the hook for awhile. They could then talk to the air until tired.

Quote:

Originally Posted by jragosta

I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.

The only thing that I respond to in the mail is the stuff I specifically sign up for. Generally these are catalogs that are good for a year or quarter. Mostly this is for work related purchases anyways. While some may look at a catalog as a marketing tool I don't see it as being in the same class as the flood of junk mail that comes constantly without being asked for.

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

UDID + your location most of the time (your home) + cookies and sites you may have visited + any information you might have shared = A unique identifier for you. Gay/Straight, Old/young, Male/Female, and so on. Soon they have a complete database about you and then sell it to advertisers to target you.